<?php defined("MAIN_DIR") or die("No direct access");

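// Id of the admin account shown on this page, read from path segment 5 of the route.
// NOTE(review): UV::readInt is defined elsewhere; presumably it returns an integer — confirm.
$user_id = UV::readInt($route->getPath(5));

// Messages collected while handling the edit form, keyed by the field that failed.
$error = array();
if (isset($_POST['action']) && $_POST['action'] == "edit")
{
	// The target id is request data. Force it to an integer before it reaches the
	// permission check or any SQL text (it was previously interpolated verbatim).
	$target_id = (isset($_POST['user_id']) && is_scalar($_POST['user_id'])) ? (int) $_POST['user_id'] : 0;

	// Account #1 may only be edited by session admin #1.
	// NOTE(review): the display path further down checks $user->getId() rather than
	// $_SESSION['admin']; confirm both describe the same identity.
	if ($target_id == 1 && $_SESSION['admin'] != 1) {
		to("/admin/site/users/");
		// Stop here even if to() only queues a redirect, so the update below cannot
		// run for a rejected request.
		exit;
	}

	// Kept in $target, not $user: later code calls $user->getId(), so $user has to
	// remain whatever object it was before this handler ran.
	$target_res = mysql_query("select * from `admin` where `admin_id` = '$target_id' limit 1");
	$target = $target_res ? mysql_fetch_array($target_res) : false;

	if (!$target)
	{
		// Unknown id or failed lookup: report failure instead of issuing an update
		// that matches nothing and then announcing success.
		$error['query'] = "Не удалось отредактировать";
	}
	else
	{
		// FILTER_SANITIZE_MAGIC_QUOTES only applies addslashes(), which ignores the
		// connection character set; use the escaping routine of the mysql extension
		// this file already relies on.
		$login = mysql_real_escape_string(
			(isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : ''
		);

		$new_input = (isset($_POST['new_pass']) && is_string($_POST['new_pass'])) ? $_POST['new_pass'] : '';
		if ($new_input !== "")
		{
			$old_input = (isset($_POST['old_pass']) && is_string($_POST['old_pass'])) ? $_POST['old_pass'] : '';
			$repeat_input = (isset($_POST['repeat_pass']) && is_string($_POST['repeat_pass'])) ? $_POST['repeat_pass'] : '';

			// Strict comparison on purpose: with ==/!= two hex digests that look like
			// "0e<digits>" are compared as numbers and treated as equal.
			if (md5($old_input) !== (string) $target['password'])
				$error['old_pass'] = "Неверно указан старый пароль";

			// Compare the submitted strings themselves rather than their digests.
			if ($new_input !== $repeat_input)
				$error['repeat_pass'] = "Неверно указан повтор пароля";

			// NOTE(review): unsalted MD5 is not a suitable password hash. It is kept
			// because the stored values and the login code (not visible here) depend
			// on it; migrating to password_hash()/password_verify() needs both sides.
			$new_pass = md5($new_input);
		}
		else
			$new_pass = $target['password'];

		if (count($error) == 0)
		{
			// Every interpolated value is either an integer or escaped.
			$edit_query = "update `admin` set `login`='$login',`password`='" . mysql_real_escape_string($new_pass) . "' where `admin_id` = '$target_id' limit 1";
			if (!mysql_query($edit_query))
				$error['query'] = "Не удалось отредактировать";
		}
	}
}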
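// Load the row that the form below displays; the template reads $user_row
// unconditionally, so every path that cannot produce a row leaves the page.
$lookup_id = (int) $user_id;
if (!$lookup_id)
{
	// No usable id in the route: nothing to edit.
	to("/admin/site/users/");
	exit;
}

// Account #1 is only shown to account #1. Fail closed when $user is not an object
// exposing getId(), instead of raising a fatal error on the method call.
// NOTE(review): confirm to() ends the request; the explicit exit covers the case
// where it only queues a redirect.
if ($lookup_id == 1 && (!is_object($user) || $user->getId() != 1)) {
	to("/admin/site/users/");
	exit;
}

$user_res = mysql_query("select * from `admin` where `admin_id` = '$lookup_id' limit 1");
// A failed query returns false; treat it like "no such account" rather than
// passing false on to mysql_num_rows().
if (!$user_res || mysql_num_rows($user_res) == 0) {
	to("/admin/site/users/");
	exit;
}
$user_row = mysql_fetch_array($user_res);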

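// Page template for the admin edit form.
// Values taken from the `admin` row are written into HTML text and single-quoted
// attributes, so each one goes through htmlspecialchars() with ENT_QUOTES (which
// also escapes the single quote) or an integer cast before being echoed.
// NOTE(review): no charset is passed to htmlspecialchars(), so PHP's default applies;
// pass the page's actual encoding explicitly if it differs.
require_once ADMIN.HEADFILE;
?>
<div align="left">
<h1>Редактирование пользователя <?php echo htmlspecialchars($user_row['login'], ENT_QUOTES); ?></h1>
<hr /><?php
// $error only ever holds fixed messages set by this script, so it is printed as-is.
if (isset($_POST['action']) && $_POST['action'] == "edit" && count($error) == 0)
	echo "<p style='color:green'>Успешно отредактировано</p>";
elseif (count($error) > 0)
	echo "<p style='color:red'>".implode("<br />",$error)."</p>";
// NOTE(review): the form below carries no anti-CSRF token, so the edit request is
// not tied to a page this admin actually loaded; add a per-session token check.
?><form method='POST'>
<input type='hidden' name='action' value='edit' />
<input type='hidden' name='user_id' value='<?php echo (int) $user_row['admin_id']; ?>' />
<table cellpadding='5' cellspacing='0'>
	<tr>
		<td width="150px">ID</td>
		<td width="300px"><input style="width:200px" type='text' name='user_id' value='<?php echo (int) $user_row['admin_id'];?>' disabled /></td>
	</tr>
	<tr>
		<td>Логин</td>
		<td><input style='width:100%' type='text' name='login' value='<?php echo htmlspecialchars($user_row['login'], ENT_QUOTES);?>' /></td>
	</tr>
	<tr>
		<td>Последний IP</td>
		<td><input style='width:100%' type='text' value='<?php echo htmlspecialchars($user_row['last_ip'], ENT_QUOTES);?>' disabled /></td>
	</tr>
	<tr>
		<td>Последнее время активности</td>
		<td><input style='width:100%' type='text' value='<?php echo date("d.m.Y H:i",(int) $user_row['last_time']);?>' disabled /></td>
	</tr>
	<tr>
		<td colspan='2'><hr /></td>
	</tr>
	<tr>
		<td>Старый пароль</td>
		<td><input style='width:100%' type='password' name='old_pass' /></td>
	</tr>
	<tr>
		<td>Новый пароль</td>
		<td><input style='width:100%' type='password' name='new_pass' /></td>
	</tr>
	<tr>
		<td>Повтор пароля</td>
		<td><input style='width:100%' type='password' name='repeat_pass' /></td>
	</tr>
	<tr valign='top'>
		<td colspan='2' align="right"><button style="width:100px;height:30px" type="submit">Сохранить</button></td>
	</tr>
</table>
</form>
<br /><hr /><br />
</div>

<?php require_once ADMIN.FOOTERFILE; ?>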